Security Advisories & Vulnerability Disclosures
We take security seriously and are proud of our strong track record.
Security First
Why Security Matters in Network Configuration Management
In today’s IT and OT environments, configuration management systems are a critical part of your security perimeter. rConfig plays a central role in helping network and security teams maintain compliance, enforce policy, and automate device configuration—all while protecting against unauthorized access or compromise.
Our team actively monitors, tests, and hardens the rConfig platform against known vulnerabilities. Security is not a feature. It’s a foundational part of our development, testing, and release process.

Proven beyond doubt
Our Security Track Record
We are proud to say that rConfig has had zero reported vulnerabilities since 2019, when a single issue affecting the now-retired v3.x was disclosed and responsibly patched. Since then, our platform has gone through a complete transformation—culminating in the release of rConfig v7 and beyond, which includes:
Role-Based Access Control (RBAC)
rConfig enforces strict Role-Based Access Control (RBAC) to ensure that users only have access to the systems, devices, and actions they are permitted to use. This is critical in environments with multiple admins, engineers, or operators.
Secure API Endpoints
rConfig's RESTful API is secured using scoped, time-limited API tokens, allowing you to integrate with third-party tools and systems—securely. All API endpoints are protected via:
Token-based authentication
HTTPS encryption
IP whitelisting (optional)
Role-based token permissions
Automated Vulnerability Scanning
Every rConfig release goes through automated vulnerability scanning as part of our CI/CD pipeline. This includes:
Dependency scanning using tools like OWASP Dependency-Check and GitHub Security Advisories
Static code analysis for common security flaws
5,000+ Tests Run on Every Release
We run over 5,000 automated tests as part of every release cycle. This includes:
Unit tests for core logic and configuration parsing
Feature tests to validate real-world workflows (e.g., backup, compliance, and diff)
Integration tests for API calls, database interactions, and UI behaviors
We believe transparency is essential. If and when a security issue arises, we will always document it clearly, notify impacted users, and provide guidance or patches quickly.
Where to Find rConfig Security Advisories
As of now, no active advisories exist for the current versions (v7.x+). Historical advisories are listed below for reference:
Date | Advisory ID | Affected Version | Status | CVE Reference
2019-07-10 | rCFG-SA-2019-01 | v3.x | Resolved | CVE-2023-39110
All current versions of rConfig (v7+) are unaffected.
We take it seriously
Responsible Disclosure Policy
If you’ve discovered a vulnerability or security issue in rConfig, we ask you to follow our responsible disclosure process. Here’s how you can report it securely:
Email: security@rconfig.com
Include a detailed description, steps to reproduce, and your contact info
We commit to acknowledging all submissions within 48 hours
We offer Hall of Fame credit and may offer other rewards based on severity and impact
We work with researchers, customers, and community contributors to ensure rConfig remains secure and reliable for everyone.
.. and we want to help
External Resources & Best Practices
To help you secure your rConfig instance and stay up to date with general vulnerability news, here are some helpful external links:
Summary
No current vulnerabilities in rConfig v7+
Last advisory: 2019 (v3.x only, resolved)
Secure Laravel core, API token auth, and hardened backend
Proactive testing and monitoring in every release
Responsible disclosure and fast patching guaranteed